Exploitdb Exploits
2,814 exploits tracked across all sources.
Cfmsource CF Calendar - SQL Injection
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
by AlpHaNiX
Phpbb Tag Board < 4.0 - SQL Injection
SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
by StAkeR
w3b>cms <3.2.0 - Unspecified Vuln
Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.
by DNX
RadASM 2.2.1.5 - '.rap' WindowCallProcA Pointer Hijack
by DATA_SNIPER
JMovies 1.1 - SQL Injection
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by StAkeR
Check Up New Generation <4.52 - SQL Injection
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
by CWH Underground
Geniuscyber Maxsite - Code Injection
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter.
by CWH Underground
Bcoos < 1.0.13 - SQL Injection
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
by CWH Underground
Cain & Abel <4.9.24 - Buffer Overflow
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
by SkD
KTPCCD CMS - Path Traversal
Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.
by CWH Underground
2enetworx Openforum - Access Control
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
by CWH Underground
Lito Lite CMS - SQL Injection
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by CWH Underground
Microsoft Communicator - DoS
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
by Praveen Darshanam
CVSS 5.3
CMS little <0.0.1 - SQL Injection
SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter.
by CWH Underground
Paul Arbogast Accms < 0.0.2 - Information Disclosure
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
by StAkeR
Clean CMS 1.5 - SQL Injection
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by JosS
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
by r0ut3r
Total Video Player - 'vcen.dll' Remote Off-by-One Crash
by Cnaph
Nero Showtime - Memory Corruption
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
by LiquidWorm
Quicksilver Forums - Path Traversal
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
by girex
PunPortal <2.0 - Path Traversal
Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.
by StAkeR
wPortfolio <0.3 - RCE
Unrestricted file upload vulnerability in admin/upload_form.php in wPortfolio 0.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in admin/tmp/.
by Osirys
Cms.maury91 Maurycms - SQL Injection
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
by StAkeR
By Source